Abstract

Generating correct network configurations that minimize the attack surface while meeting practical requirements is a challenging task, especially when the interdependent relationships between configurations scattered across the physical, network and information domains are taken into consideration. Because configurations in different domains are commonly generated separately and their complex inter-relationships are ignored, extra vulnerabilities can be introduced. This paper proposes a novel risk assessment framework named MDC-Checker to help network administrators assess the risk involved. First, the framework extracts the semantics from multiple domain configurations and network documents. Then, the Multiple Domain Semantics Graph (MDSG) and the Privilege Dependency Graph (PDG) are established in sequence to infer users' actual privileges from their initial privileges. Finally, the differences between the privileges users deserve and the privileges they actually hold are used to measure the impact of multiple domain configurations on network security. A simulated network scenario with different sets of configurations is employed to validate the effectiveness and scalability of the framework and approach. The experimental results show that the framework successfully captures the influence of multiple domain configurations on network security and that the approach scales to networks of different sizes.
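The reasoning step described in the abstract (initial privileges, then derived actual privileges, then the difference from deserved privileges) can be sketched as a fixed-point closure over dependency rules. This is an added illustration, not MDC-Checker's code or the paper's MDSG/PDG construction. The rule format, privilege triples, user names and object names are all constructed assumptions.

```python
# Added illustration; a simplified stand-in for privilege-dependency reasoning.
# A privilege is a (domain, action, object) triple. All names are constructed.
ENTER_ROOM = ("physical", "enter", "server_room")
CONSOLE = ("physical", "access", "console_srv1")
REACH_SSH = ("network", "reach", "srv1:22")
KNOW_PW = ("information", "know", "root_pw_srv1")
ADMIN = ("information", "admin", "srv1")
READ_DB = ("information", "read", "hr_db")

# Each rule: holding every privilege in `needs` yields the privilege `gives`.
RULES = [
    ({ENTER_ROOM}, CONSOLE),        # physical config: console sits in the room
    ({CONSOLE, KNOW_PW}, ADMIN),    # local login crosses physical + information
    ({REACH_SSH, KNOW_PW}, ADMIN),  # remote login crosses network + information
    ({ADMIN}, READ_DB),             # host admin can read the database files
]

# Constructed users: what they start with and what policy says they should hold.
USERS = {
    "cleaner": {"initial": {ENTER_ROOM}, "deserved": {ENTER_ROOM}},
    "dev": {"initial": {REACH_SSH, KNOW_PW},
            "deserved": {REACH_SSH, KNOW_PW, ADMIN}},
    "operator": {"initial": {ENTER_ROOM, KNOW_PW},
                 "deserved": {ENTER_ROOM, KNOW_PW}},
}

def actual_privileges(initial, rules=RULES):
    """Apply the rules until no new privilege can be derived (fixed point)."""
    held = set(initial)
    changed = True
    while changed:
        changed = False
        for needs, gives in rules:
            if gives not in held and needs <= held:
                held.add(gives)
                changed = True
    return held

def risk_by_user(users=USERS, rules=RULES):
    """Per user: privileges actually reachable but not deserved, sorted."""
    return {
        name: sorted(actual_privileges(u["initial"], rules) - set(u["deserved"]))
        for name, u in users.items()
    }

if __name__ == "__main__":
    for user, excess in risk_by_user().items():
        print(user, len(excess), excess)
```

The operator's excess set only appears when the physical and information rules are evaluated together, which is the cross-domain effect the abstract refers to.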
